New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Fake Norton Scans

A new scam method is being carried out with faulty antivirus scans that fool users into downloading potentially unwanted applications (PUAs). A Windows alert crafted by the scammers is delivered to the victim’s device and suggests that they run a quick scan and once “OK” is clicked, the system displays a page that mirrors Norton’s antivirus scanner. After the scan is run. users will get an alert that tells them an infection was found and they are guided to installing an update that will download the PUAs. These PUAs carry out activities such as stealing data, crypto mining, and modifying browser settings. It is believed that the scammers used HTML and JavaScript to craft up the fake Norton scanner. Revenue is generated by the number of PUA installs, so therefore more clicks equals more revenue.

Analyst Notes

Although it is hard to detect the scam from the real Norton scanner, users should open the Norton Scanner directly if they receive a notice on their device. If users believe they have been scammed, Norton and the FTC should be notified.